generated from ansible-collections/collection_template
-
Notifications
You must be signed in to change notification settings - Fork 17
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #49 from GomathiselviS/transit_gateway
Add manage_transit_gateway role
- Loading branch information
Showing
16 changed files
with
571 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,99 @@ | ||
| manage_transit_gateway | ||
| ================== | ||
|
|
||
| A role to create/delete a Transit Gateway with VPC/VPN attachments. | ||
|
|
||
| Requirements | ||
| ------------ | ||
|
|
||
| AWS User Account with the following permission: | ||
|
|
||
| * ec2:CreateTransitGateway | ||
| * ec2:DescribeTransitGateway | ||
| * ec2:DeleteTransitGateway | ||
| * ec2:CreateTransitGatewayVpcAttachment | ||
| * ec2:DescribeTransitGatewayVpcAttachment | ||
| * ec2:DeleteTransitGatewayVpcAttachment | ||
| * ec2:CreateVpnConnection | ||
| * ec2:DescribeVpnConnection | ||
| * ec2:DeleteVpnConnection | ||
|
|
||
| Role Variables | ||
| -------------- | ||
|
|
||
| * **action**: Whether to create or delete the transit gateway. Choices: 'create', 'delete'. | ||
| * **transit_gateway**: A dict of parameters needed to create transit gateway. | ||
| **asn**: A private Autonomous System Number (ASN) for the Amazon side of a BGP session. | ||
| **tags**: A dict of tags for the transit gateway. | ||
| **description**: Description for the transit gateway. | ||
| * **vpc_attachment**: A list of dict of parameters to create vpc attachments. | ||
| **name**: Name for the VPC attachment. | ||
| **tags**: A dict of tags for the attachment. | ||
| **subnets**: A list of subnets to be added to the attachment. | ||
| * **vpn_attachment**: A list of dict of parameters to create vpn attachments. | ||
| **customer_gateway_id**: Id of the customer gateway. | ||
|
|
||
| Dependencies | ||
| ------------ | ||
|
|
||
| - role: [aws_setup_credentials](../aws_setup_credentials/README.md) | ||
|
|
||
| Example Playbook | ||
| ---------------- | ||
| **Create a transit gateway with 2 VPC attachments** | ||
|
|
||
| - hosts: localhost | ||
| gather_facts: false | ||
| tasks: | ||
| - name: Create transit gateway | ||
| ansible.builtin.include_role: | ||
| name: cloud.aws_ops.manage_transit_gateway | ||
| vars: | ||
| action: "create" | ||
| transit_gateway: | ||
| asn: 4200000000 | ||
| description: "TGW for Cloud team" | ||
| tags: | ||
| "team": "cloud" | ||
| vpc_attachment: | ||
| - name: "vpc-attachment-001" | ||
| tags: | ||
| "team": "cloud" | ||
| subnets: | ||
| - "subnet-xxxx001" | ||
| - name: "vpc-attachment-002" | ||
| tags: | ||
| "team": "cloud" | ||
| subnets: | ||
| - "subnet-xxxx002" | ||
|
|
||
|
|
||
| **Create a transit gateway with VPN attachment** | ||
|
|
||
| - hosts: localhost | ||
| gather_facts: false | ||
| tasks: | ||
| - name: Create transit gateway | ||
| ansible.builtin.include_role: | ||
| name: cloud.aws_ops.manage_transit_gateway | ||
| vars: | ||
| action: "create" | ||
| transit_gateway: | ||
| asn: 4200000000 | ||
| description: "TGW for Cloud team" | ||
| tags: | ||
| "team": "cloud" | ||
| vpn_attachment: | ||
| - customer_gateway_id: "cgw-01b56884848a25446" | ||
|
|
||
| License | ||
| ------- | ||
|
|
||
| GNU General Public License v3.0 or later | ||
|
|
||
| See [LICENCE](https://github.com/ansible-collections/cloud.aws_ops/blob/main/LICENSE) to see the full text. | ||
|
|
||
| Author Information | ||
| ------------------ | ||
|
|
||
| - Ansible Cloud Content Team |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,64 @@ | ||
| --- | ||
| argument_specs: | ||
| main: | ||
| short_description: Creation/Deletion of transit gateway with vpc/vpn attachment | ||
| options: | ||
| action: | ||
| description: Action to be done. | ||
| type: "str" | ||
| default: "create" | ||
| choices: ["create", "delete"] | ||
| transit_gateway: | ||
| description: Transit Gateway to be created. | ||
| type: dict | ||
| required: True | ||
| options: | ||
| asn: | ||
| description: | ||
| - A private Autonomous System Number (ASN) for the Amazon side of a BGP session. | ||
| - The range is 64512 to 65534 for 16-bit ASNs and 4200000000 to 4294967294 for 32-bit ASNs. | ||
| type: int | ||
| description: | ||
| description: | ||
| - The description of the transit gateway. | ||
| type: str | ||
| tags: | ||
| description: A dict of tags for the transit gateway. | ||
| type: dict | ||
| vpc_attachment: | ||
| description: VPC to be attached. | ||
| type: list | ||
| elements: dict | ||
| options: | ||
| name: | ||
| description: Name of the attachment. | ||
| type: str | ||
| subnets: | ||
| description: Subnets for the attachment. | ||
| type: list | ||
| elements: str | ||
| tags: | ||
| description: A dict of tags for the attachment. | ||
| type: dict | ||
| vpn_attachment: | ||
| description: VPC to be attached. | ||
| type: list | ||
| elements: dict | ||
| options: | ||
| customer_gateway_id: | ||
| description: id of the customer gateway for the vpn attachment. | ||
| type: str | ||
| vpc_route_table: | ||
| description: Route table entries for the VPC | ||
| type: list | ||
| elements: dict | ||
| options: | ||
| vpc_id: | ||
| description: Te VPC id for which the route should be added. | ||
| type: str | ||
| cidr_block: | ||
| description: Destination CIDR block. | ||
| type: str | ||
| tags: | ||
| description: A dict of tags for the route table. | ||
| type: dict |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,3 @@ | ||
| --- | ||
| dependencies: | ||
| - role: cloud.aws_ops.aws_setup_credentials |
9 changes: 9 additions & 0 deletions
9
roles/manage_transit_gateway/tasks/add_vpc_route_entries.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,9 @@ | ||
| - name: Add route entries. | ||
| amazon.aws.ec2_vpc_route_table: | ||
| vpc_id: "{{ item.vpc_id }}" | ||
| tags: "{{ item.tags }}" | ||
| purge_routes: False | ||
| routes: | ||
| - dest: "{{ item.cidr_block }}" | ||
| gateway_id: "{{ manage_transit_gateway_tgw_result.transit_gateway.transit_gateway_id }}" | ||
| register: manage_transit_gateway_route_table |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,35 @@ | ||
| --- | ||
| - name: Run create_tgw_attach_vpc role | ||
| block: | ||
| - name: Create transit gateway | ||
| community.aws.ec2_transit_gateway: | ||
| state: present | ||
| description: "{{ transit_gateway.description }}" | ||
| asn: "{{ transit_gateway.asn }}" | ||
| tags: "{{ transit_gateway.tags }}" | ||
| register: manage_transit_gateway_tgw_result | ||
|
|
||
| - name: Verify that transit gateway has been created/updated | ||
| ansible.builtin.debug: | ||
| msg: Transit Gateway successfully created/updated. | ||
| when: manage_transit_gateway_tgw_result.changed | ||
|
|
||
| - name: Print debug msg | ||
| ansible.builtin.debug: | ||
| msg: Transit Gateway '{{ manage_transit_gateway_tgw_result.transit_gateway.transit_gateway_id }}' exists, no updates needed. | ||
| when: not manage_transit_gateway_tgw_result.changed | ||
|
|
||
| - name: Create VPC attachment | ||
| when: vars["vpc_attachment"] is defined | ||
| ansible.builtin.include_tasks: create_vpc_attachment.yaml | ||
| loop: "{{ vpc_attachment }}" | ||
|
|
||
| - name: Create VPN attachment | ||
| when: vars["vpn_attachment"] is defined | ||
| ansible.builtin.include_tasks: create_vpn_attachment.yaml | ||
| loop: "{{ vpn_attachment }}" | ||
|
|
||
| - name: Create route table entries | ||
| when: vars["vpc_route_table"] is defined | ||
| ansible.builtin.include_tasks: add_vpc_route_entries.yaml | ||
| loop: "{{ vpc_route_table }}" |
20 changes: 20 additions & 0 deletions
20
roles/manage_transit_gateway/tasks/create_vpc_attachment.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,20 @@ | ||
| --- | ||
| - name: Create VPC attachment | ||
| community.aws.ec2_transit_gateway_vpc_attachment: | ||
| state: present | ||
| name: "{{ item.name }}" | ||
| transit_gateway: "{{ manage_transit_gateway_tgw_result.transit_gateway.transit_gateway_id }}" | ||
| subnets: "{{ item.subnets }}" | ||
| tags: "{{ item.tags }}" | ||
| purge_subnets: False | ||
| register: manage_transit_gateway_tgw_vpc_attachment_result | ||
|
|
||
| - name: Verify that the transit gateway vpc attachment has been successfully created. | ||
| ansible.builtin.debug: | ||
| msg: Transit gateway VPC attachment {{ item.name }} has been successfully created. | ||
| when: manage_transit_gateway_tgw_vpc_attachment_result is changed | ||
|
|
||
| - name: Print debug message | ||
| ansible.builtin.debug: | ||
| msg: Transit gateway VPC attachment {{ item.name }} already exists with the given subnets. | ||
| when: manage_transit_gateway_tgw_vpc_attachment_result is not changed |
17 changes: 17 additions & 0 deletions
17
roles/manage_transit_gateway/tasks/create_vpn_attachment.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| --- | ||
| - name: Create vpn connection, with customer gateway and transit_gateway | ||
| community.aws.ec2_vpc_vpn: | ||
| customer_gateway_id: '{{ item.customer_gateway_id }}' | ||
| transit_gateway_id: '{{ manage_transit_gateway_tgw_result.transit_gateway.transit_gateway_id }}' | ||
| state: present | ||
| register: manage_transit_gateway_tgw_vpn_attachment_result | ||
|
|
||
| - name: Verify that the transit gateway vpc attachment has been successfully created. | ||
| ansible.builtin.debug: | ||
| msg: Transit gateway VPN attachment has been successfully created. | ||
| when: manage_transit_gateway_tgw_vpn_attachment_result is changed | ||
|
|
||
| - name: Print debug message | ||
| ansible.builtin.debug: | ||
| msg: Transit gateway VPN attachment {{ item.name }} already exists. | ||
| when: manage_transit_gateway_tgw_vpn_attachment_result is not changed |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,81 @@ | ||
| --- | ||
| - name: Run manage_transit_gateway role | ||
| block: | ||
| - name: List all the transit gateway attachments | ||
| community.aws.ec2_transit_gateway_info: | ||
| register: manage_transit_gateway_info | ||
|
|
||
| - name: Get the transit gateway with the given description | ||
| ansible.builtin.set_fact: | ||
| manage_transit_gateway_gw: "{{ item }}" | ||
| when: | ||
| - item.description == transit_gateway.description | ||
| - item.state == "available" | ||
| loop: "{{ manage_transit_gateway_info.transit_gateways }}" | ||
|
|
||
| - name: Delete the attachment and transit manage_transit_gateway_gw | ||
| when: manage_transit_gateway_gw is defined | ||
| block: | ||
| - name: Describe attachments on a specific VPC | ||
| community.aws.ec2_transit_gateway_vpc_attachment_info: | ||
| filters: | ||
| transit-gateway-id: '{{ manage_transit_gateway_gw.transit_gateway_id }}' | ||
| register: manage_transit_gateway_info | ||
|
|
||
| - name: Start deletion of all attachments | ||
| community.aws.ec2_transit_gateway_vpc_attachment: | ||
| state: absent | ||
| id: '{{ item.transit_gateway_attachment_id }}' | ||
| wait: True | ||
| loop: '{{ manage_transit_gateway_info.attachments }}' | ||
|
|
||
| - name: Check if all the transit gateway attachments have been deleted | ||
| community.aws.ec2_transit_gateway_vpc_attachment_info: | ||
| filters: | ||
| transit-gateway-id: '{{ manage_transit_gateway_gw.transit_gateway_id }}' | ||
| register: manage_transit_gateway_info | ||
|
|
||
| - name: Check for attachments | ||
| ansible.builtin.assert: | ||
| that: | ||
| - manage_transit_gateway_info.attachments | length == 0 | ||
|
|
||
| - name: Check for vpn attachments | ||
| community.aws.ec2_vpc_vpn_info: | ||
| register: manage_transit_gateway_vpn_info | ||
|
|
||
| - name: Set fact | ||
| ansible.builtin.set_fact: | ||
| manage_transit_gateway_cgw: "{{ item.customer_gateway_id }}" | ||
| when: | ||
| - item.transit_gateway_id == manage_transit_gateway_gw.transit_gateway_id | ||
| - item.state == "available" | ||
| loop: "{{ manage_transit_gateway_vpn_info.vpn_connections }}" | ||
|
|
||
| - name: Delete vpn connection, with customer gateway and transit_gateway | ||
| community.aws.ec2_vpc_vpn: | ||
| customer_gateway_id: '{{ manage_transit_gateway_cgw }}' | ||
| transit_gateway_id: '{{ manage_transit_gateway_gw.transit_gateway_id }}' | ||
| state: absent | ||
| wait_timeout: 600 | ||
| when: | ||
| - manage_transit_gateway_vpn_info.vpn_connections != [] | ||
| - manage_transit_gateway_cgw is defined | ||
|
|
||
| - name: Check for vpn attachments after deletion | ||
| community.aws.ec2_vpc_vpn_info: | ||
| register: manage_transit_gateway_vpn_att_info | ||
|
|
||
| - name: Check for vpn attachments | ||
| ansible.builtin.assert: | ||
| that: | ||
| - item.state == "deleted" | ||
| when: | ||
| - item.transit_gateway_id == manage_transit_gateway_gw.transit_gateway_id | ||
| loop: "{{ manage_transit_gateway_vpn_att_info.vpn_connections }}" | ||
|
|
||
| - name: Delete Transit Gateways | ||
| community.aws.ec2_transit_gateway: | ||
| state: absent | ||
| transit_gateway_id: '{{ manage_transit_gateway_gw.transit_gateway_id }}' | ||
| ignore_errors: true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,8 @@ | ||
| --- | ||
| - name: Run manage transit gateway role | ||
| module_defaults: | ||
| group/aws: "{{ aws_setup_credentials__output }}" | ||
|
|
||
| block: | ||
| - name: Include file | ||
| ansible.builtin.include_tasks: "{{ action }}.yaml" |
3 changes: 3 additions & 0 deletions
3
tests/integration/targets/test_manage_transit_gateway/aliases
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,3 @@ | ||
| cloud/aws | ||
| role/manage_transit_gateway | ||
| time=35m |
13 changes: 13 additions & 0 deletions
13
tests/integration/targets/test_manage_transit_gateway/defaults/main.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| cidr_prefix: '10.{{ 255 | random(seed=resource_prefix) }}' | ||
| aws_security_token: '{{ security_token | default(omit) }}' | ||
| tgw_name: '{{ resource_prefix }}' | ||
| vpc_name_a: '{{ resource_prefix }}-1' | ||
| vpc_name_b: '{{ resource_prefix }}-2' | ||
| vpc_cidr_a: '{{ cidr_prefix }}.1.0/24' | ||
| vpc_cidr_b: '{{ cidr_prefix }}.2.0/24' | ||
|
|
||
| subnet_cidr_a_1: '{{ cidr_prefix }}.1.0/26' | ||
| subnet_cidr_b_1: '{{ cidr_prefix }}.2.0/26' | ||
|
|
||
| subnet_name_a_1: '{{ resource_prefix }}-a-1' | ||
| subnet_name_b_1: '{{ resource_prefix }}-b-1' |
Oops, something went wrong.